Problem with Exchange 5.5/NT/Outlook 2k Authentication - URGENT

From: Nate (anonymous_at_discussions.microsoft.com)
Date: 05/21/04


Date: Fri, 21 May 2004 06:44:06 -0700

I also posted this in the domain section under Win NT 4.

Ok, this is an odd one and hard to explain so bear with me.

We have several users that are in workgroups and other
domains that need access to our Exchange server. They've
been using Outlook and just have to type in a valid
username, domain, and password. It had been working
fine until one day we decided to patch our Exchange
server (Win2k) with the latest security patches. When the
Exchange server was rebooted, the users in workgroups
could no longer get email. After looking through the logs,
it was discovered that the clients were passing the local
user and machine information instead of the domain
information typed into Outlook. Well, obviously, we
thought we had a problem with the patches. Once we
removed all of them and reinstalled SP4, it started
working again. Of course, now we had a production
Exchange server with absolutely no security holes filled
in. Every time we tried to install security patches and
reboot, it would stop working again. Well, at this point,
I thought I had a bad Exchange server, corrupt registry or
something. I built a temporary PDC and built a new
Exchange server in an offline network. I patched it with
the latest security patches and tested it with a machine
that was in a workgroup. Outlook worked. So I swapped
Exchange servers. I tested with a machine in a workgroup,
DID NOT WORK!! AHHHH! Anyways, I decided to go to
extremes and powered off the PDC...rebooted Exchange and
machines in a workgroup started working again. Ok, bad
PDC...so I promoted the BDC, turned off the old PDC, and
tested with a machine in a workgroup, still worked. I
then built a new BDC, brought it online, got WINS set up,
all that stuff. Tested with a workgroup machine, DID NOT
WORK AGAIN!! I powered off the new BDC and it started
working again.

I've left the BDC off so that people can work. I'm pretty
confused on what this could be. I'm pretty sure the
problem does lie in our domain controllers but I'm not
sure where to look. I don't see any errors in the logs
that really point me in the right direction. Here is some
more info:

(the old PDC is not listed, the promoted PDC now has the
IP address of the old PDC)
PDC
192.168.1.2
WINS
DHCP

BDC (local) (turned off for now)
192.168.70.3
WINS

BDC (remote)
192.168.250.2
WINS

WINS on the BDCs push/pull to the PDC

Exchange
192.168.1.18

Everything pings everything else ok, no other problems
that I'm aware of. We do not use any LMHOSTS or HOSTS files.

Here is what the Exchange server logs say when someone
logs in with a machine in a workgroup, when everything is
working properly:

Successful Network Logon:
     User Name: temp
     Domain: DOMAIN
     Logon ID: (0x0,0x44B2F)
     Logon Type: 3
     Logon Process: NtLmSsp
     Authentication Package: NTLM
     Workstation Name: temppc

Here is what the Exchange server logs when someone tries
to log into Outlook with a machine in a workgroup. As you
can see, it reports back the login for the machine, rather
than the login for Outlook:

The logon to account: administrator
 by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 from workstation: temppc
 failed. The error code was: 3221225572

Logon Failure:
     Reason: Unknown user name or bad password
     User Name: administrator
     Domain:
     Logon Type: 3
     Logon Process: NtLmSsp
     Authentication Package: NTLM
     Workstation Name: temppc

Well, if you've read this far down, I appreciate you
taking the time to understand my problem (and it's a
doozy). I also do appreciate suggestions, ideas, and
solutions to this. If you have any questions about my
setup, please don't hesitate to ask. Thanks for the help!
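
Added example, not part of the original post: a short Python triage script over the event text quoted above. It decodes the decimal error code (3221225572 is 0xC0000064, STATUS_NO_SUCH_USER) and flags network logon failures that arrived with an empty Domain field; the function names and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample: the three events quoted in the post, abridged.
SAMPLE = """\
Successful Network Logon:
     User Name: temp
     Domain: DOMAIN
     Logon Type: 3
     Workstation Name: temppc

The logon to account: administrator
 by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 from workstation: temppc
 failed. The error code was: 3221225572

Logon Failure:
     Reason: Unknown user name or bad password
     User Name: administrator
     Domain:
     Logon Type: 3
     Workstation Name: temppc
"""

# The event text prints NTSTATUS codes in decimal; a few logon-related values.
NTSTATUS = {0xC0000064: "STATUS_NO_SUCH_USER", 0xC000006A: "STATUS_WRONG_PASSWORD",
            0xC000006D: "STATUS_LOGON_FAILURE"}

def parse_events(text):
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):  # blank line = new event
        fields = {}
        for line in block.splitlines():
            key, _, value = line.strip().partition(":")
            fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def triage(events):
    findings = []  # (workstation, account, detail)
    for ev in events:
        code = ev.get("failed. The error code was")
        if code:  # MSV1_0 failure record: decode the decimal status
            detail = f"0x{int(code):08X} {NTSTATUS.get(int(code), 'unknown')}"
            findings.append((ev["from workstation"], ev["The logon to account"], detail))
        elif "Logon Failure" in ev and ev["Logon Type"] == "3" and not ev["Domain"]:
            findings.append((ev["Workstation Name"], ev["User Name"], "empty domain"))
    return findings
```

Calling `triage(parse_events(SAMPLE))` reports only the two failure records; the successful logon, which carries `Domain: DOMAIN`, produces no finding.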